[firebase_auth] signInWithProvider for Twitter is missing user's access-secret needed for Oauth1 requests

[bobwith2bees]

Starting this as a question, as perhaps I am missing something. Twitter, unlike Facebook, requires both an access-token and access-secret for their Oauth1 protected endpoints. The recent support for twitter in Firebase auth, does not appear to provide the application access to the user's access-secret (aka authTokenSecret).

https://github.com/firebase/flutterfire/blob/master/packages/firebase_auth/firebase_auth/example/lib/auth.dart#L551

  Future<void> _signInWithTwitter() async {
    TwitterAuthProvider twitterProvider = TwitterAuthProvider();

    UserCredential userCredential;
    AuthCredential? authCredential;

    if (kIsWeb) {
      await auth.signInWithPopup(twitterProvider);
    } else {
      userCredential = await auth.signInWithProvider(twitterProvider);
      authCredential = userCredential.credential;
      print('access token: ${userCredential.credential?.accessToken ?? "no access-token found"}');
      print('twitter provider parameters: ${twitterProvider.parameters}');    }
  }

I can see the access token via the authCredential's credential member.
I also peeked back at the TwitterAuthProvider to see if there was a copy stashed there, but it was empty.
Just looking for what to put in the headers _ oauth_token_ and oauth_token_secret when accessing Twitters API on behalf of the user who just signed in my app.

At the end of the day, I am just trying to read the Twitter GET /2/users/me endpoint.

https://developer.twitter.com/en/docs/twitter-api/users/lookup/api-reference/get-users-me

This particular endpoint also supports OAUTH2, (not all are updated yet). Is the answer - 'Don't do OAUTH1'?

Workaroud:

The previous solution that leverages the https://pub.dev/packages/twitter_login provides authToken and authTokenSecret in the authResult.